Forcing HTTPS on admin pages

jamatrucola · June 24, 2017, 3:48pm

Hello

I am trying to force the admin pages, and most importantly the admin login page, to use https even if the request comes in as http. I have set the following in my configuration:

define(‘ADMIN_PROTOCOL’,‘https’);

but it doesn’t seem to have any effect. If I visit http://mysite.org/lists/admin the connection does not switch over to https. I should point out that I have the SSL certificate all set up and working properly on the site. If I explicitly visit https://mysite.org/lists/admin it works fine, but I don’t want to rely on expecting the user to remember to type the S in the URL.

I figured out another way to accomplish this, which involves editing the .htaccess file for the /admin directory, but this is less than ideal since those changes will get erased with an upgrade to phpList in the future.

Any thoughts/suggestions are most appreciated.

Thanks!

danwaterloo · June 24, 2017, 4:00pm

You could set the url re-write commands in your apache .conf file (httpd.conf)?

jamatrucola · June 24, 2017, 8:09pm

Great suggestion. Thanks Dan!

For future visitors, here’s what I did. I added the following within the appropriate < VirtualHost *:80 > section of my httpd.conf file

<Directory "/path_to_phplist/admin">
    	Allow From All
	RewriteEngine On 
	RewriteRule ^(.*)$ https://www.mysite.org/lists/admin/$1 [R,L]
</Directory>